The CISM Domains – An Overview

April 14, 2011 by Kenneth Magee

ISACA’s 2011 CISM fits into DoD 8570.01-M as satisfying IAM Level II.

The exam consists of 5 domains as follows:

Domain 1: Information Security Governance (23% of the exam or 46 questions)

Domain 2: Information Risk Management (22% of the exam or 44 questions)

Domain 3: Information Security Program Development (17% of the exam or 34 questions)

Domain 4: Information Security Program Management (24% of the exam or 48 questions)

Domain 5: Incident Management and Response (14% of the exam or 28 questions)

The exam consists of 200 multiple-choice questions that cover the five CISM job practice areas and is administered over a four-hour period. A scaled score of 450 or higher is required to pass the exam. Approximately eight weeks after the exam date, the official exam results are mailed to candidates. The final June certification exam registration deadline has been extended to April 15, 2011, so you have a couple of days left to sign up.

It’s important as an information security manager to understand the areas, not just to pass the exam, but to provide value to the Information Security Management process.


J Kenneth (Ken) Magee is president and owner of Data Security Consultation and Training, LLC, which specializes in data security auditing and information security training. He has over 40 years of IT experience in both private industry and the public sector with the last 21 devoted to IT security and Risk Management.

Ken holds degrees from Robert Morris University and Fairleigh Dickinson University. He holds 30 certifications including: CTT+, CEH, CPT, SSCP, CISSP-ISSMP, CAP, CISA, CISM, ISO 27001 PA, GIAC-GWAPT/GSEC/GSNA, CIA-CGAP, Security+, and CDP. He is a Senior Instructor with the InfoSec Institute.